“A good starting point is to make sure that you’re in line with the requirements of Cyber Essentials – a government scheme that includes a set of basic technical controls you can put in place relatively easily.”
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/security/